2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
14 #include <openssl/crypto.h>
15 #include "internal/property.h"
16 #include "internal/ctype.h"
17 #include <openssl/lhash.h>
18 #include <openssl/rand.h>
19 #include "internal/thread_once.h"
20 #include "internal/lhash.h"
21 #include "internal/sparse_array.h"
22 #include "property_lcl.h"
24 /* The number of elements in the query cache before we initiate a flush */
25 #define IMPL_CACHE_FLUSH_THRESHOLD 500
28 const OSSL_PROVIDER
*provider
;
29 OSSL_PROPERTY_LIST
*properties
;
31 void (*method_destruct
)(void *);
34 DEFINE_STACK_OF(IMPLEMENTATION
)
42 DEFINE_LHASH_OF(QUERY
);
46 STACK_OF(IMPLEMENTATION
) *impls
;
47 LHASH_OF(QUERY
) *cache
;
50 struct ossl_method_store_st
{
53 SPARSE_ARRAY_OF(ALGORITHM
) *algs
;
54 OSSL_PROPERTY_LIST
*global_properties
;
57 unsigned char rand_bits
[(IMPL_CACHE_FLUSH_THRESHOLD
+ 7) / 8];
62 LHASH_OF(QUERY
) *cache
;
67 DEFINE_SPARSE_ARRAY_OF(ALGORITHM
);
69 static void ossl_method_cache_flush(OSSL_METHOD_STORE
*store
, int nid
);
70 static void ossl_method_cache_flush_all(OSSL_METHOD_STORE
*c
);
72 int ossl_property_read_lock(OSSL_METHOD_STORE
*p
)
74 return p
!= NULL
? CRYPTO_THREAD_read_lock(p
->lock
) : 0;
77 int ossl_property_write_lock(OSSL_METHOD_STORE
*p
)
79 return p
!= NULL
? CRYPTO_THREAD_write_lock(p
->lock
) : 0;
82 int ossl_property_unlock(OSSL_METHOD_STORE
*p
)
84 return p
!= 0 ? CRYPTO_THREAD_unlock(p
->lock
) : 0;
87 static openssl_ctx_run_once_fn do_method_store_init
;
88 int do_method_store_init(OPENSSL_CTX
*ctx
)
90 return ossl_property_parse_init(ctx
);
93 static unsigned long query_hash(const QUERY
*a
)
95 return OPENSSL_LH_strhash(a
->query
);
98 static int query_cmp(const QUERY
*a
, const QUERY
*b
)
100 return strcmp(a
->query
, b
->query
);
103 static void impl_free(IMPLEMENTATION
*impl
)
106 if (impl
->method_destruct
)
107 impl
->method_destruct(impl
->method
);
112 static void impl_cache_free(QUERY
*elem
)
117 static void alg_cleanup(ossl_uintmax_t idx
, ALGORITHM
*a
)
120 sk_IMPLEMENTATION_pop_free(a
->impls
, &impl_free
);
121 lh_QUERY_doall(a
->cache
, &impl_cache_free
);
122 lh_QUERY_free(a
->cache
);
128 * The OPENSSL_CTX param here allows access to underlying property data needed
131 OSSL_METHOD_STORE
*ossl_method_store_new(OPENSSL_CTX
*ctx
)
133 OSSL_METHOD_STORE
*res
;
135 if (!openssl_ctx_run_once(ctx
,
136 OPENSSL_CTX_METHOD_STORE_RUN_ONCE_INDEX
,
137 do_method_store_init
))
140 res
= OPENSSL_zalloc(sizeof(*res
));
143 if ((res
->algs
= ossl_sa_ALGORITHM_new()) == NULL
) {
147 if ((res
->lock
= CRYPTO_THREAD_lock_new()) == NULL
) {
148 OPENSSL_free(res
->algs
);
156 void ossl_method_store_free(OSSL_METHOD_STORE
*store
)
159 ossl_sa_ALGORITHM_doall(store
->algs
, &alg_cleanup
);
160 ossl_sa_ALGORITHM_free(store
->algs
);
161 ossl_property_free(store
->global_properties
);
162 CRYPTO_THREAD_lock_free(store
->lock
);
167 static ALGORITHM
*ossl_method_store_retrieve(OSSL_METHOD_STORE
*store
, int nid
)
169 return ossl_sa_ALGORITHM_get(store
->algs
, nid
);
172 static int ossl_method_store_insert(OSSL_METHOD_STORE
*store
, ALGORITHM
*alg
)
174 return ossl_sa_ALGORITHM_set(store
->algs
, alg
->nid
, alg
);
177 int ossl_method_store_add(OSSL_METHOD_STORE
*store
, const OSSL_PROVIDER
*prov
,
178 int nid
, const char *properties
, void *method
,
179 int (*method_up_ref
)(void *),
180 void (*method_destruct
)(void *))
182 ALGORITHM
*alg
= NULL
;
183 IMPLEMENTATION
*impl
;
187 if (nid
<= 0 || method
== NULL
|| store
== NULL
)
189 if (properties
== NULL
)
192 /* Create new entry */
193 impl
= OPENSSL_malloc(sizeof(*impl
));
196 if (method_up_ref
!= NULL
&& !method_up_ref(method
)) {
200 impl
->provider
= prov
;
201 impl
->method
= method
;
202 impl
->method_destruct
= method_destruct
;
205 * Insert into the hash table if required.
207 * A write lock is used unconditionally because we wend our way down to the
208 * property string code which isn't locking friendly.
210 ossl_property_write_lock(store
);
211 ossl_method_cache_flush(store
, nid
);
212 if ((impl
->properties
= ossl_prop_defn_get(store
->ctx
, properties
)) == NULL
) {
213 impl
->properties
= ossl_parse_property(store
->ctx
, properties
);
214 if (impl
->properties
== NULL
)
216 ossl_prop_defn_set(store
->ctx
, properties
, impl
->properties
);
219 alg
= ossl_method_store_retrieve(store
, nid
);
221 if ((alg
= OPENSSL_zalloc(sizeof(*alg
))) == NULL
222 || (alg
->impls
= sk_IMPLEMENTATION_new_null()) == NULL
223 || (alg
->cache
= lh_QUERY_new(&query_hash
, &query_cmp
)) == NULL
)
226 if (!ossl_method_store_insert(store
, alg
))
230 /* Push onto stack if there isn't one there already */
231 for (i
= 0; i
< sk_IMPLEMENTATION_num(alg
->impls
); i
++) {
232 const IMPLEMENTATION
*tmpimpl
= sk_IMPLEMENTATION_value(alg
->impls
, i
);
234 if (tmpimpl
->provider
== impl
->provider
235 && tmpimpl
->properties
== impl
->properties
)
238 if (i
== sk_IMPLEMENTATION_num(alg
->impls
)
239 && sk_IMPLEMENTATION_push(alg
->impls
, impl
))
241 ossl_property_unlock(store
);
247 ossl_property_unlock(store
);
253 int ossl_method_store_remove(OSSL_METHOD_STORE
*store
, int nid
,
256 ALGORITHM
*alg
= NULL
;
259 if (nid
<= 0 || method
== NULL
|| store
== NULL
)
262 ossl_property_write_lock(store
);
263 ossl_method_cache_flush(store
, nid
);
264 alg
= ossl_method_store_retrieve(store
, nid
);
266 ossl_property_unlock(store
);
271 * A sorting find then a delete could be faster but these stacks should be
272 * relatively small, so we avoid the overhead. Sorting could also surprise
273 * users when result orderings change (even though they are not guaranteed).
275 for (i
= 0; i
< sk_IMPLEMENTATION_num(alg
->impls
); i
++) {
276 IMPLEMENTATION
*impl
= sk_IMPLEMENTATION_value(alg
->impls
, i
);
278 if (impl
->method
== method
) {
279 sk_IMPLEMENTATION_delete(alg
->impls
, i
);
280 ossl_property_unlock(store
);
285 ossl_property_unlock(store
);
289 int ossl_method_store_fetch(OSSL_METHOD_STORE
*store
, int nid
,
290 const char *prop_query
, void **method
)
293 IMPLEMENTATION
*impl
;
294 OSSL_PROPERTY_LIST
*pq
= NULL
, *p2
;
296 int j
, best
= -1, score
, optional
;
299 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG
, NULL
);
302 if (nid
<= 0 || method
== NULL
|| store
== NULL
)
306 * This only needs to be a read lock, because queries never create property
307 * names or value and thus don't modify any of the property string layer.
309 ossl_property_read_lock(store
);
310 alg
= ossl_method_store_retrieve(store
, nid
);
312 ossl_property_unlock(store
);
316 if (prop_query
== NULL
) {
317 if ((impl
= sk_IMPLEMENTATION_value(alg
->impls
, 0)) != NULL
) {
318 *method
= impl
->method
;
323 pq
= ossl_parse_query(store
->ctx
, prop_query
);
326 if (store
->global_properties
!= NULL
) {
327 p2
= ossl_property_merge(pq
, store
->global_properties
);
330 ossl_property_free(pq
);
333 optional
= ossl_property_has_optional(pq
);
334 for (j
= 0; j
< sk_IMPLEMENTATION_num(alg
->impls
); j
++) {
335 impl
= sk_IMPLEMENTATION_value(alg
->impls
, j
);
336 score
= ossl_property_match_count(pq
, impl
->properties
);
338 *method
= impl
->method
;
346 ossl_property_unlock(store
);
347 ossl_property_free(pq
);
351 int ossl_method_store_set_global_properties(OSSL_METHOD_STORE
*store
,
352 const char *prop_query
) {
358 ossl_property_write_lock(store
);
359 ossl_method_cache_flush_all(store
);
360 if (prop_query
== NULL
) {
361 ossl_property_free(store
->global_properties
);
362 store
->global_properties
= NULL
;
363 ossl_property_unlock(store
);
366 store
->global_properties
= ossl_parse_query(store
->ctx
, prop_query
);
367 ret
= store
->global_properties
!= NULL
;
368 ossl_property_unlock(store
);
372 static void impl_cache_flush_alg(ossl_uintmax_t idx
, ALGORITHM
*alg
)
374 lh_QUERY_doall(alg
->cache
, &impl_cache_free
);
375 lh_QUERY_flush(alg
->cache
);
378 static void ossl_method_cache_flush(OSSL_METHOD_STORE
*store
, int nid
)
380 ALGORITHM
*alg
= ossl_method_store_retrieve(store
, nid
);
383 store
->nelem
-= lh_QUERY_num_items(alg
->cache
);
384 impl_cache_flush_alg(0, alg
);
388 static void ossl_method_cache_flush_all(OSSL_METHOD_STORE
*store
)
390 ossl_sa_ALGORITHM_doall(store
->algs
, &impl_cache_flush_alg
);
394 IMPLEMENT_LHASH_DOALL_ARG(QUERY
, IMPL_CACHE_FLUSH
);
397 * Flush an element from the query cache (perhaps).
399 * In order to avoid taking a write lock or using atomic operations
400 * to keep accurate least recently used (LRU) or least frequently used
401 * (LFU) information, the procedure used here is to stochastically
402 * flush approximately half the cache.
404 * This procedure isn't ideal, LRU or LFU would be better. However,
405 * in normal operation, reaching a full cache would be unexpected.
406 * It means that no steady state of algorithm queries has been reached.
407 * That is, it is most likely an attack of some form. A suboptimal clearance
408 * strategy that doesn't degrade performance of the normal case is
409 * preferable to a more refined approach that imposes a performance
412 static void impl_cache_flush_cache(QUERY
*c
, IMPL_CACHE_FLUSH
*state
)
417 * Implement the 32 bit xorshift as suggested by George Marsaglia in:
418 * https://doi.org/10.18637/jss.v008.i14
420 * This is a very fast PRNG so there is no need to extract bits one at a
421 * time and use the entire value each time.
430 OPENSSL_free(lh_QUERY_delete(state
->cache
, c
));
435 static void impl_cache_flush_one_alg(ossl_uintmax_t idx
, ALGORITHM
*alg
,
438 IMPL_CACHE_FLUSH
*state
= (IMPL_CACHE_FLUSH
*)v
;
440 state
->cache
= alg
->cache
;
441 lh_QUERY_doall_IMPL_CACHE_FLUSH(state
->cache
, &impl_cache_flush_cache
,
445 static void ossl_method_cache_flush_some(OSSL_METHOD_STORE
*store
)
447 IMPL_CACHE_FLUSH state
;
450 if ((state
.seed
= OPENSSL_rdtsc()) == 0)
452 store
->need_flush
= 0;
453 ossl_sa_ALGORITHM_doall_arg(store
->algs
, &impl_cache_flush_one_alg
, &state
);
454 store
->nelem
= state
.nelem
;
457 int ossl_method_store_cache_get(OSSL_METHOD_STORE
*store
, int nid
,
458 const char *prop_query
, void **method
)
463 if (nid
<= 0 || store
== NULL
)
466 ossl_property_read_lock(store
);
467 alg
= ossl_method_store_retrieve(store
, nid
);
469 ossl_property_unlock(store
);
473 elem
.query
= prop_query
!= NULL
? prop_query
: "";
474 r
= lh_QUERY_retrieve(alg
->cache
, &elem
);
476 ossl_property_unlock(store
);
480 ossl_property_unlock(store
);
484 int ossl_method_store_cache_set(OSSL_METHOD_STORE
*store
, int nid
,
485 const char *prop_query
, void *method
)
487 QUERY elem
, *old
, *p
= NULL
;
491 if (nid
<= 0 || store
== NULL
)
493 if (prop_query
== NULL
)
496 ossl_property_write_lock(store
);
497 if (store
->need_flush
)
498 ossl_method_cache_flush_some(store
);
499 alg
= ossl_method_store_retrieve(store
, nid
);
501 ossl_property_unlock(store
);
505 if (method
== NULL
) {
506 elem
.query
= prop_query
;
507 if (lh_QUERY_delete(alg
->cache
, &elem
) != NULL
)
509 ossl_property_unlock(store
);
512 p
= OPENSSL_malloc(sizeof(*p
) + (len
= strlen(prop_query
)));
516 memcpy((char *)p
->query
, prop_query
, len
+ 1);
517 if ((old
= lh_QUERY_insert(alg
->cache
, p
)) != NULL
) {
519 ossl_property_unlock(store
);
522 if (!lh_QUERY_error(alg
->cache
)) {
523 if (++store
->nelem
>= IMPL_CACHE_FLUSH_THRESHOLD
)
524 store
->need_flush
= 1;
525 ossl_property_unlock(store
);
529 ossl_property_unlock(store
);